Cyware Daily Threat Intelligence, March 29, 2021

In the wake of several recent high-profile hacks, supply chain threats have gained a lot of attention. However, the onslaught of such threats continues, with the PHP programming language becoming the latest victim. Threat actors pushed malicious commits to the official Git repository of PHP to inject malware into the source code. 

Over the weekend, we also witnessed the discovery of new threats, including an Android spyware that disguises itself as a critical system update. There is also a group of malicious Docker images that were used in a cryptojacking operation to hijack devices to mine for Monero cryptocurrency.

Top Breaches Reported in the Last 24 Hours
PHP source code hack
PHP programming language developers suffered a supply chain attack through their Git server. Two malicious commits imitating the signatures of known PHP developers and maintainers were pushed to the php-src Git repository on the git.php.net server.
Channel Nine disrupted
Australia’s Channel Nine TV network suffered a cyberattack over the weekend that disrupted its live broadcast. The network was unable to air several shows on Sunday, including Weekend Today.
German Parliament under attack
The email accounts of members of the German Parliament were targeted in a spearphishing attack. The attack reportedly impacted seven members of the Bundestag and 31 members of regional parliaments. A Russia-linked threat group called Ghostwriter is believed to be behind the attack.

Top Malware Reported in the Last 24 Hours
New Android spyware
Security researchers discovered a new Android spyware that poses as an app called “System Update”. The malware is capable of hiding itself and exfiltrating various user data such as messages, contacts, device details, browser bookmarks, and search history. It can also record calls and ambient sound from the microphone, and take photos using the phone’s cameras.
Docker cryptojacking images
While analyzing Docker Hub, Unit 42 researchers found 30 malicious images that were downloaded a total of 20 million times. These images were being used as part of a cryptojacking operation worth $200,000.
Ziggy shuts down
After announcing the closure of their operations back in February, the operators behind the Ziggy ransomware leaked 922 decryption keys, along with an offline decryptor tool. Now, they have also claimed to be returning the ransom paid by victims.

Top Vulnerabilities Reported in the Last 24 Hours
Flaw in Netmask
A group of researchers disclosed a flaw in the popular netmask networking library. The NPM library has gained over 238 million downloads in total. The vulnerability, tracked as CVE-2021-28918, stems from the way netmask processes a decimal IPv4 address containing a leading zero.
Apple patches iOS zero-day
Apple released security updates in the form of iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3 to patch a zero-day vulnerability that is being actively exploited in the wild. Tracked as CVE-2021-1879, the vulnerability was discovered in the WebKit browser engine and can allow attackers to launch universal cross-site scripting attacks.
OpenSSL releases security patches
Two high-severity security flaws in OpenSSL 1.1.1, tracked as CVE-2021-3449 and CVE-2021-3450, could be exploited to carry out denial-of-service attacks and bypass certificate verification. The maintainers have released OpenSSL 1.1.1k to fix the two flaws.


php programming language
ziggy ransomware
android spyware
ios vulnerability
supply chain attack
openssl vulnerabilities
malicious docker images
german parliament hack
channel nine

Posted on: March 29, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite